d1e9f9d573i9oc.cloudfront.net Open in urlscan Pro
65.9.58.194 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://d322i5e66mhkx0.cloudfront.net/?rid=7X7E5Iw
Effective URL:
https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize
Submission: On January 20 via manual (January 20th 2023, 4:22:07 pm UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 9 HTTP transactions. The main IP is 65.9.58.194, located in United States and belongs to AMAZON-02, US. The main domain is d1e9f9d573i9oc.cloudfront.net.
TLS certificate: Issued by Amazon RSA 2048 M01 on December 8th 2022. Valid for: a year.

This is the only time d1e9f9d573i9oc.cloudfront.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	13.32.23.73 13.32.23.73	16509 (AMAZON-02) (AMAZON-02)
1	65.9.58.194 65.9.58.194	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:e2:... 2606:4700:e2::ac40:850f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:6ea0:c70... 2a02:6ea0:c700::18	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2620:1ec:4e:1... 2620:1ec:4e:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9	7

1 13.32.23.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-23-73.fra56.r.cloudfront.net

d322i5e66mhkx0.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.58.194 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-58-194.fra56.r.cloudfront.net

d1e9f9d573i9oc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:850f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

maxcdn.icons8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:4e:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	64 KB
2	icons8.com maxcdn.icons8.com — Cisco Umbrella Rank: 81032	51 KB
2	cloudfront.net d322i5e66mhkx0.cloudfront.net d1e9f9d573i9oc.cloudfront.net	18 KB
1	msauth.net aadcdn.msauth.net — Cisco Umbrella Rank: 1148	1 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 846	13 KB
9	5

	Domain	Requested by
3	cdnjs.cloudflare.com	d1e9f9d573i9oc.cloudfront.net
2	maxcdn.icons8.com	d1e9f9d573i9oc.cloudfront.net maxcdn.icons8.com
1	aadcdn.msauth.net	d1e9f9d573i9oc.cloudfront.net
1	use.fontawesome.com	d1e9f9d573i9oc.cloudfront.net
1	d1e9f9d573i9oc.cloudfront.net
1	d322i5e66mhkx0.cloudfront.net
9	6

This site contains links to these domains. Also see Links.

Domain
account.microsoft.com
login.microsoftonline.com
privacy.microsoft.com
www.microsoft.com

Subject Issuer	Validity	Valid
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
1220595937.rsc.cdn77.org R3	`2023-01-10` - `2023-04-10`	3 months	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2022-08-23` - `2023-08-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize
Frame ID: FF05001A7ACD6671C74CCC8782B79DBC
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your Microsoft account

Page URL History Show full URLs

https://d322i5e66mhkx0.cloudfront.net/?rid=7X7E5Iw Page URL
https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

148 kB
Transfer

475 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://account.microsoft.com/account/manage-my-account
Title: Create one!

Search URL Search Domain Scan URL

URL: https://login.microsoftonline.com/d17ca24c-e720-4800-bc39-0af50ef8a461/saml2?SAMLRequest=lZJRb9MwFIX%2FSuT3JLaTtomVZiqrEJUGVGvhgRfkODebhWMHX2eDfz83Y2IvTOL16hx%2F5xy5ufo1muQBPGpnt4RllFy1zW4O9%2FYWfs6AIYkCi1syeyucRI3CyhFQBCVOu483gmdUTN4Fp5whz2KBcjRvOyQi%2BBCZJPn6Ao93khz2W%2FJ93Q8FK3q24isqOXRFtSlr1pWgKs7ksKK8o0MN0PFoQJzhYDFIG%2BIblPOUVimvz6wWRS3KIluvym8k2ccu2sqwoO5DmFDkuXF32majVt6hG4KzRlvIlBvznm2U5KVKYcNpWlaUpp0q6pRe8DBUslyz%2FNIzRti9lLl2FucR%2FAn8g1bw5fbmL0oZN%2FepjMtmM2ZymjCbpHHSRCqER%2Bd%2F4ALGKZcKSXL8s%2Bk7bXtt796es3sWofhwPh%2FT4%2BfTmbTNJZ1Y5vHt%2F6do8tf%2B5lNkHvZHZ7T6nbx3fpTh35FYxpaL7tNhkYrZ4gRKDxr6uJcx7vHagwywJcHPQPK2yV9%2FuvYJ&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=gam1IIvZjRfxrGdN0K5eBnLuzpRnepQRkfdfPj9oGSgTEZUt5AFmDHb5zSqEFdIse4qTHCCzsUlETnhS5LhBR84lgTHQt4tv1vbhlrJfkNNmnfHcyfRmBqrKUoXzIM6NvRo7Lvc3660WfZXV60IURiB7TKsov2Hb%2BPigEyfNTcxlmnGCes%2FVEMaTHq%2F1769X2v9xN30QWu1FGhB1Pm8PVlipgb%2FZR%2B%2BPtkp2ulPAZXJvr2k0aqvuut8qlbz%2BE6PPMDT8CRykpwAoFyMxHaN4UGF2C18g0VsKYqcv54XtmxZh5o7zCsP6HSfQNgi2FmyEuWoUubFpO%2FUWXSwJ8LSBCQ%3D%3D&RelayState=_6df313d15250a2eb387491b4ec821af502b0f9eeb2
Title: •••

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Privacy & cookies

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://d322i5e66mhkx0.cloudfront.net/?rid=7X7E5Iw Page URL
https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
d322i5e66mhkx0.cloudfront.net/ 176 B
441 B 479ms
428ms Document
text/html 13.32.23.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d322i5e66mhkx0.cloudfront.net/?rid=7X7E5Iw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.23.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-23-73.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 176
content-type: text/html; charset=utf-8
date: Fri, 20 Jan 2023 16:22:02 GMT
vary: Accept-Encoding
via: 1.1 9928105291571d6cae52bcb916c898d8.cloudfront.net (CloudFront)
x-amz-cf-id: JpvbSHFLHURmz1tPdZpqgA1arEsxtoAui9NJ03ATe0TWEI9vl6r2Rw==
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
x-server: gophish

GET
H2 200 Primary Request authorize Show response
d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/ 18 KB
18 KB 627ms
576ms Document
text/html 65.9.58.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.194 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-58-194.fra56.r.cloudfront.net
Software: /
Resource Hash: 27e25622780b9812bac94b95987f28b915319e7181ca9b4a2d5e365a5338a27e

Request headers

Referer: https://d322i5e66mhkx0.cloudfront.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 18134
content-type: text/html
date: Fri, 20 Jan 2023 16:22:02 GMT
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
x-amz-cf-id: gjYTDkTgwxbUu4mZ2JC1PyXIfu8VQCzEMqETF1fOHKp4-g0QISJkGg==
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/ 157 KB
18 KB 38ms
19ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/css/bootstrap.min.css

Requested by

Host: d1e9f9d573i9oc.cloudfront.net
URL: https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1e9f9d573i9oc.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 16:22:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6047626
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17522
last-modified: Tue, 12 May 2020 17:56:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ebae359-27293"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yzZnFQksETgBKoMr7NHLsYw3WtauykhnWoYHJrYTAVEUA%2BJarfDqlzvkkbIhRLxxwX4JeDG9ywDRq72Rfxr3jmIrAoEa4WZ3BKrDKAwrb80WFWCd9wo06siXt%2FLwTMS5i%2BL2hNyFWalTxXl4UcJdUnh0"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78c9258bdfb0699f-FRA
expires: Wed, 10 Jan 2024 16:22:02 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.12.0/css/ 56 KB
13 KB 47ms
27ms Stylesheet
text/css 2606:4700:e2::ac40:850f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.12.0/css/all.css
Requested by: Host: d1e9f9d573i9oc.cloudfront.net
URL: https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1e9f9d573i9oc.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 16:22:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: WW0SMPVZ3DDWBVEP
age: 31119460
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: K48IQ59hKbigkhmy4UojoFa2vDjTV8JX7VkQHOPNW3+qXhSnc8bzwT9SdJsHO0U4gS/T3W1E+B0=
last-modified: Wed, 30 Jun 2021 15:37:55 GMT
server: cloudflare
etag: W/"500d1a92f875b1d96d37a3a3f8f0438c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2FxKsa7i1p7bVzw2HJ9UGvgmTnFsFZp09N4atpRPSwVZGDMibARKHsyem0nlVWcIVpM8ytGS3%2FUd6sqtDh5975XNpJ0kLP97tvpkO0aQQgQ0HK4TduqTJtzE8wVpaGluHR7D8Jopt0A565hfMH39uyyg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 78c9258bdaa992ad-FRA

GET
H2 200 line-awesome.min.css
maxcdn.icons8.com/fonts/line-awesome/1.1/css/ 27 KB
6 KB 106ms
20ms Stylesheet
text/css 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.css
Requested by: Host: d1e9f9d573i9oc.cloudfront.net
URL: https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1e8638f605575bd335d49efa95e165adf7ef06dda8e367661ac2517a0a3a96b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1e9f9d573i9oc.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 20 Jan 2023 16:22:02 GMT
content-encoding: gzip
x-amz-request-id: 5D258725N4CAF9T8
x-cache: HIT
x-77-cache: HIT
x-age: 269043
x-amz-id-2: 5HutC4YTRTLjoDrI6H9GoNJUVSRXatuDlNIZwLl893UTNOrhhV7FLYgLrUGCi+IgRz1youDrcLU=
x-77-nzt: AZySIRkWo2b/8xoEAA
x-accel-expires: @1674999479
last-modified: Mon, 06 Jun 2022 09:58:54 GMT
server: CDN77-Turbo
etag: W/"4334c8c70998d81bde3e6765828811a6"
x-77-nzt-ray: cf878727b2908fc9aabfca63bc65bb37
content-type: text/css; charset=utf-8
x-amz-meta-mtime: 1654507817.389231056

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c70940d2d7189accb410e734f4e5e5bd4191d3e418db6939e76a9e7a01e471e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 20ms
19ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: d1e9f9d573i9oc.cloudfront.net
URL: https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1e9f9d573i9oc.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 16:22:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 684232
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27958
last-modified: Mon, 04 May 2020 23:01:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb09ed3-15d84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xw%2F1xboDFCtKpI1VJjzp2Ma1js8f3oLV0m2%2FaO3WJ9u3xiFsF0mqRYxF%2Bcy2hxgr4x0DmOmh3%2F13XForWMVqFReovzQMnr8gBdtViWt%2FBdq5tGchFaWjRS83qC10YMQo6b%2BSgq8jzR%2BaWL4yK4F4WYoa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78c9258c487f699f-FRA
expires: Wed, 10 Jan 2024 16:22:02 GMT

GET
H2 200 bootstrap.bundle.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/ 79 KB
19 KB 21ms
21ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.0/js/bootstrap.bundle.min.js

Requested by

Host: d1e9f9d573i9oc.cloudfront.net
URL: https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5edf297381b409d711bc8d27676951a59e151e783412850332519c05243d1e24

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1e9f9d573i9oc.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Fri, 20 Jan 2023 16:22:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 62316
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19084
last-modified: Tue, 12 May 2020 17:56:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ebae359-13cbc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UUroZe8Pz%2Bh%2Bk7ZS4RmvP8RmEunxmxR7ahPjOtZoy4%2FhFI4RsesNXBgpUf4M80SomJMeG%2FHL7dS%2BFBLq1K6WliIoxjAXcWu1hX3ae1Nax6jAXD7ubmMcro%2FOLRT%2BBVVvmGqzisZAwA9NtWo81gJQ9DD5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78c9258c4881699f-FRA
expires: Wed, 10 Jan 2024 16:22:02 GMT

GET
H2 200 2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msauth.net/shared/1.0/content/images/backgrounds/ 2 KB
1 KB 96ms
12ms Image
image/svg+xml 2620:1ec:4e:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by: Host: d1e9f9d573i9oc.cloudfront.net
URL: https://d1e9f9d573i9oc.cloudfront.net/login.microsoftonline.com/common/oauth2/authorize
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4e:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1e9f9d573i9oc.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 20 Jan 2023 16:22:02 GMT
content-encoding: gzip
x-azure-ref-originshield: 0DCjJYwAAAAD3sMmq0JcpQbjBPpurg1RPRlJBMjMxMDUwNDE3MDM1ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
content-md5: DhdidjYrlCeaRJJRG/y9mA==
x-cache: TCP_HIT
content-length: 673
x-ms-lease-status: unlocked
last-modified: Wed, 12 Feb 2020 22:01:30 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D7B0071D86E386
x-azure-ref: 0q7/KYwAAAABDNquq5POkR5AFh+BFJLjpRlJBMzFFREdFMDkxOAAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 9c2687b7-d01e-002a-18eb-2ba855000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 line-awesome.woff2
maxcdn.icons8.com/fonts/line-awesome/1.1/fonts/ 44 KB
45 KB 22ms
7ms Font
font/woff2 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.icons8.com/fonts/line-awesome/1.1/fonts/line-awesome.woff2?v=1.1.
Requested by: Host: maxcdn.icons8.com
URL: https://maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0

Request headers

Referer: https://maxcdn.icons8.com/fonts/line-awesome/1.1/css/line-awesome.min.css
Origin: https://d1e9f9d573i9oc.cloudfront.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 20 Jan 2023 16:22:02 GMT
x-amz-request-id: 96456BFVVS7CTW0M
x-cache: HIT
x-77-cache: HIT
x-age: 269474
content-length: 45108
x-amz-id-2: +C6CLIzNU3xHI9SzrKD8J21V1X5EUGZPuQUQlR9f5QOvsUftaMNW2rwXrVT+uEEpN8+2ny1q8k8=
x-77-nzt: AZySIRmZN7T/ohwEAA
x-accel-expires: @1674999048
last-modified: Mon, 06 Jun 2022 09:58:53 GMT
server: CDN77-Turbo
etag: "452a5b42cb4819f09d35bcf6cbdb24c1"
x-77-nzt-ray: cf878727168aa9cbaabfca636b96a13a
vary: Origin
content-type: font/woff2
access-control-allow-origin: https://d1e9f9d573i9oc.cloudfront.net
accept-ranges: bytes
x-amz-meta-mtime: 1654507811.164297687

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
cdnjs.cloudflare.com
d1e9f9d573i9oc.cloudfront.net
d322i5e66mhkx0.cloudfront.net
maxcdn.icons8.com
use.fontawesome.com
13.32.23.73
2606:4700::6811:190e
2606:4700:e2::ac40:850f
2620:1ec:4e:1::45
2a02:6ea0:c700::18
65.9.58.194
063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1e8638f605575bd335d49efa95e165adf7ef06dda8e367661ac2517a0a3a96b4
27e25622780b9812bac94b95987f28b915319e7181ca9b4a2d5e365a5338a27e
5edf297381b409d711bc8d27676951a59e151e783412850332519c05243d1e24
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
c70940d2d7189accb410e734f4e5e5bd4191d3e418db6939e76a9e7a01e471e1
c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

d1e9f9d573i9oc.cloudfront.net Open in urlscan Pro 65.9.58.194 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

7 IPs

2 Countries

148 kBTransfer

475 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

d1e9f9d573i9oc.cloudfront.net Open in urlscan Pro
65.9.58.194 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

148 kB
Transfer

475 kB
Size

0
Cookies

9 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!